Organizations of all types and sizes are confronting increased cybercrime threats, particularly in the form of ransomware attacks, which prevent organizations from accessing their systems or data until a ransom is paid. These attacks can cause extensive economic and reputational harm to organizations. Organizations maintaining or relying on critical infrastructure or handling highly sensitive and proprietary data have become targets of ransomware. Health care and life sciences organizations are at particular risk.
To respond effectively, organizations must be prepared and navigate various regulatory requirements, operational challenges, possible reputational risks, and cybersecurity insurance policies. Depending on the scope of the attack, an organization’s long-term financial and market outlook may be severely impacted.
EBG attorneys are thought leaders in anticipating cyberattacks and designing effective strategies to combat and respond to these threats. We partner with our clients to protect all their sensitive data, including PHI, personal data, proprietary data, emerging technologies, and trade secrets. Clients value our ability to translate regulatory standards requiring reasonable and effective cybersecurity measures into practical solutions and programs consistent with risk and operational needs.
Effectively managing the threat from ransomware attacks demands a two-pronged proactive and reactive strategy. Preparation is critical to ensuring an optimal response to a future ransomware incident that minimizes an organization’s downtime and limits economic and operational harm. Responding to a successful attack can be complex as an organization’s response must be not only effective but also legally compliant with respect to a number of regulatory regimes—including, but not limited to, HIPAA, the HITECH Act, and guidance from the U.S. Department of the Treasury's Office of Foreign Assets Control.
- Review and update cybersecurity policies and procedures.
- Prepare incident response protocols.
- Counsel on business continuity strategies.
- Analyze contracts to ensure appropriate allocation of risk.
- Review cybersecurity insurance policies for appropriate coverage.
- Provide live or virtual trainings.
- Conduct vulnerability scanning and penetration testing.
- Conduct “tabletop” preparedness exercises.
- Establish and convene a Security Event Response Team to investigate and respond.
- Engage a cybersecurity forensics firm under privilege.
- Provide counsel on carrying out business continuity plans.
- Establish protocols and provide support when notifying law enforcement authorities and other regulators.
- Counsel clients on the payment of ransom to threat actors.
- Defend clients in disputes.